Cut down on costly reverse engineering time: use our interactive decompilers for x86 and x86-64 binaries to analyze Windows malware.
The x86 decompiler and x86-64 decompiler, as well as the Intel x86 analysis modules, provide the following features:
- Support most code object files: Windows PE (EXE binaries, DLL libraries, SYS drivers), Linux ELF, Mach-O, headless firmware, etc.
- Augmented disassembly including resolution of dynamic callsites, candidate values determination for registers, dynamic cross-references, etc.
- Decompilation of x86 and x86-64 to C-like source code.
- Advanced optimization passes to thwart protected or obfuscated code. Power users can craft their
own IR optimizers (example)
- Type libraries for efficient file analysis. JEB ships with typelibs for win32, winddk, linux glibc, android-linux, etc.
Power-users can generate their own typelibs as well (details)
- Traditional signature libraries of common SDK, including all versions of Microsoft Visual Studio runtimes, the Android NDK, etc.
- Codeless signature libraries for common libraries used in malicious and clean applications alike, such as openssl, libssh2, libcurl, etc.
- Interactive layer offered by the GUI client, allowing refactoring: type definition, stackframe building, renaming/commenting/cross-referencing, etc.
- Full API and access to the Intermediate Representations to perform advanced and/or automated code analysis in Python or Java
(details)
- Safe emulation for in-place decryption of obfuscated code.
- Partial Class Recovery and Decompilation to C++ for programs compiled with MS VCPP (demo video).
The Intel reverse-engineering modules ship with JEB Pro and JEB Community Edition